SSL Certificates & Code Signing

Hosting 4 Less offers an extensive array of web security products to website authors and software developers. If you’re building and maintaining a website or developing programs, security is part of your job. Internet users are increasingly more concerned about security and demand that the sites they visit and the products they purchase be secure. In a competitive marketplace like the Internet, if your site isn’t secure or your code isn’t signed, buyers will abandon your site in favor of a competitor that they feel they can trust.

If you’re not familiar with SSL Certificates or Code Signing, read on. We’ve tried to cut through most of the technical jargon to give you a quick explanation that will help you understand why SSL Certificates and Code Signing are important to you and your business. After you have a better understanding of what these tools are, and how they’re used, you can purchase the appropriate SSL Certificates or Code Signing Certificates products right here, at Hosting 4 Less.

What is an SSL Certificate and What Does it Do?

The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party Certificate Authority (CA), to identify one end or both ends of the transactions.

In a nutshell, the information being passed back and forth is encrypted and decrypted in a number of ways to be sure that it’s kept private. Here’s how it works:

A web browser requests a secure page (usually with an address that starts with https://).

The web server sends its ‘public key’ (special block of code that identifies the sender) with its certificate.

The browser checks that the certificate was issued by a trusted party (A Certificate Authority such as Symantec, GeoTrust or RapidSSL), that the certificate is still valid and that the certificate is related to the website contacted.

The browser then uses the public key, to encrypt a random encryption key and sends it to the server where the site is hosted with the encrypted web address as well as some other encrypted http data.

The web server decodes information using its private key and uses the symmetric key to decrypt the web address.

The web server sends back the requested web page and other information encrypted with the symmetric key.

The browser decrypts the http data and html document using the symmetric key and displays the information.

The purpose of this exchange is two-fold:

To verify that the site that is being visited has been verified to be who they claim to be.
With the advent of ecommerce, online transactions of personal and financial information have become the target of criminals that can create exceptionally accurate impostor websites where viewers unknowingly divulge information that is used for identity theft and other criminal activities.

To encrypt transactions so that they cannot be intercepted.
The Internet passes data over long distances. During transmission, the packets of data being transmitted are in danger of being intercepted. Data encryption uses sophisticated encoding/decoding processes to make the data nearly impossible to decipher without the proper keys.

Utilizing an SSL Certificate to secure exchanges of personal or financial information is simple and relatively inexpensive. Web users that intend to conduct business on the Internet have an expectation that the site will be protected by an SSL Certificate and will generally refuse to submit information on sites that are not secured.

What is a Code Signing Certificate and What Does It Do?

Code Signing is the process of digitally signing computer programs and scripts to confirm the identity of the software author and guarantee that the code has not been altered or corrupted since it was created by the software’s original author. Third-party companies (Such as Symantec and Thawte) verify the author and provide tools to time and date-stamp the code.

Code Signing can provide several valuable features. The most common use of Code Signing is to provide security when distributing software through the Internet. Code Signing implementation uses a digital signature mechanism to verify the identity of the author or build system, and a means to verify that the object has not been modified. It can also be used to provide versioning information about the program or to store other meta data about an object.

For software developers that intend to publish and/or sell their products online, a Code Signing Certificate gives them the ability to assure people that are purchasing from them, that the software they are installing has not been tampered with or altered by hackers. With the widespread concern over “malware” being spread through the Internet, it is in a developer’s best interest to utilize code signing to protect their products and assure buyers that their purchases are safe.